Prasanna V Balaji

**Name of the Vulnerable Software and Affected Versions** WP Repost versions 0.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For WP Repost versions 0.1 and earlier, update to a version that fixes the Missing Authorization issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jerod Santo WordPress Console versions 0.3.9 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For Jerod Santo WordPress Console versions 0.3.9 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided.

**Name of the Vulnerable Software and Affected Versions** WPIndeed Debug Assistant plugin versions 1.4 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application. **Recommendations** For WPIndeed Debug Assistant plugin versions 1.4 and earlier, update to a version later than 1.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ezoic AmpedSense – AdSense Split Tester plugin versions <= 4.68 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Ezoic AmpedSense – AdSense Split Tester plugin versions <= 4.68, update to a version higher than 4.68 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hassan Ali Snap Pixel plugin versions <= 1.5.7 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Hassan Ali Snap Pixel plugin versions <= 1.5.7, update to a version higher than 1.5.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Caret Country Access Limit plugin versions prior to 1.0.3 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to perform unintended actions on a web application that a user is authenticated to. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** automatededitor.Com Automated Editor plugin versions <= 1.3 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 1.3, update to a version that contains a fix for this issue, as using an affected version poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PressPage Entertainment Inc. Smarty for WordPress plugin versions 3.1.35 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For PressPage Entertainment Inc. Smarty for WordPress plugin versions 3.1.35 and earlier, update to a version later than 3.1.35 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PressPage Entertainment Inc. Smarty for WordPress plugin versions 3.1.35 and earlier **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin access can inject malicious scripts into the application, potentially affecting other users. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions 3.1.35 and earlier, update to a version later than 3.1.35 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Carrrot plugin versions <= 1.1.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the Carrrot plugin and can be exploited by an attacker to inject malicious scripts into the application. **Recommendations** For Carrrot plugin versions <= 1.1.0, update to a version greater than 1.1.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gsmith Cookie Monster plugin versions <= 1.51 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts into the application, which can then be executed by other users. The vulnerability is present in the gsmith Cookie Monster plugin and requires authentication with admin+ privileges to exploit. **Recommendations** For gsmith Cookie Monster plugin versions <= 1.51, update to a version higher than 1.51 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt plugin versions <= 1.8.5 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions <= 1.8.5, update to a version greater than 1.8.5 to resolve the issue. As a temporary workaround, consider restricting access to the plugin until a patch is available. Avoid using the plugin in production environments until the issue is resolved. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Essitco AFFILIATE Solution plugin versions <= 1.0 **Description** The issue is related to an Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with administrative access can inject malicious scripts into the application, which can then be executed by other users. The vulnerability is present in the Essitco AFFILIATE Solution plugin. **Recommendations** For versions <= 1.0, update to a version greater than 1.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WeSecur Security plugin versions 1.2.1 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For WeSecur Security plugin versions 1.2.1 and earlier, update to a version later than 1.2.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** asMember plugin versions <= 1.5.4 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. **Recommendations** For asMember plugin versions <= 1.5.4, update to a version higher than 1.5.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WPIndeed Debug Assistant plugin versions 1.4 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For WPIndeed Debug Assistant plugin versions 1.4 and earlier, update to a version later than 1.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wp2syslog plugin versions 1.0.5 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For wp2syslog plugin versions 1.0.5 and earlier, update to a version later than 1.0.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CMS Press plugin versions 0.2.3 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For CMS Press plugin versions 0.2.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.